literally just open a issue with the vulnerability
may not get around to it quickly tho